[FEATURE] AppSec support user-agent passthrough
LaurenceJJones opened this issue Β· comments
Is your feature request related to a problem? Please describe. π
Hey team ππ» at CrowdSec we found an unfortunate bug that caused an issue with the way that AppSec was handling the user-agent off the client. From 1.6.1
we will support a new header that will ensure the actual client user agent is properly parsed and handled.
We plan to publish 1.6.1
soon so I thought I would make you aware of the issue so this plugin can be update by the time it is released
Describe the solution you'd like β¨
Add the user-agent to the corresponding header that is passed to the AppSec component
Hi @LaurenceJJones Thanks for letting us know in advance, I opened a PR to update to copy the header User-Agent
with X-Crowdsec-Appsec-User-Agent
before sending to AppSec.
Can we merge before release 1.6.1 of Crowdsec or should we wait ?
Hi @LaurenceJJones Thanks for letting us know in advance, I opened a PR to update to copy the header
User-Agent
withX-Crowdsec-Appsec-User-Agent
before sending to AppSec. Can we merge before release 1.6.1 of Crowdsec or should we wait ?
Up to you if you push the merge now it may conflict with some rules that check for "non-whitelisted" headers we have a testing session coming up shortly for 1.6.1
so we should be able to give you a definite date from there